[Swan] LibreSwan with NetworkManager
Paul Wouters
paul at nohats.ca
Thu Aug 7 19:14:44 EEST 2014
On Thu, 7 Aug 2014, Gareth Williams wrote:
> which I got from:
> https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Security_Guide/sec-Securing_Virtual_Private_Networks.html
> (para 4.7.8)
>
> On NetworkManager's openSwan config, I've got the defaults, with the addition
> of:
>
> Gateway = <my server's hostname>
> Group Name = <I don't know what goes here, but I have to put something>
That is a likely sign it does not support RSA/certificate authentication.
> received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02]
> method=draft-ietf-ipsec-nat-t-ike-02/03, because port floating is off
Why is your NAT-T partially disabled?
> Aug 07 06:53:03 <my FQDN> pluto[11098]: packet from x.y.77.197:500: initial
> Aggressive Mode message from x.y.77.197 but no (wildcard) connection has been
> configured with policy=PSK+XAUTH+AGGRESSIVE
> Am I correct in assuming that the PSK+XAUTH+AGGRESSIVE is what NetworkManager
> is trying to connect by? In which case, am I wasting time trying to connect
> using X509 certs as per the website?
Probably :(
If someone has some cycles to add GUI support to NetworkManager-libreswan to add
support for RSA/Certs that would be great!
Paul
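
Added example, not part of the original message and not libreswan or NetworkManager code: a small log check for the mismatch discussed above. It pulls the policy a client proposed out of pluto's "no (wildcard) connection" rejection line and lists the flags a certificate-only server connection does not carry. The sample log lines, the hostname, the 192.0.2.x address and the assumed server policy (RSASIG only) are constructed for illustration.

```python
import re

# Constructed sample modelled on the pluto line quoted in the thread; the
# hostname and the 192.0.2.x address are placeholders, not values from the post.
SAMPLE_LOG = (
    "Aug 07 06:53:03 vpn.example.org pluto[11098]: packet from 192.0.2.197:500: "
    "received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02]\n"
    "Aug 07 06:53:03 vpn.example.org pluto[11098]: packet from 192.0.2.197:500: "
    "initial Aggressive Mode message from 192.0.2.197 but no (wildcard) "
    "connection has been configured with policy=PSK+XAUTH+AGGRESSIVE\n"
)

# Matches only the rejection wording shown in the thread.
REJECTED = re.compile(
    r"packet from (?P<peer>\S+):\d+: initial Aggressive Mode message from \S+ "
    r"but no \(wildcard\) connection has been configured "
    r"with policy=(?P<policy>[A-Z0-9_+]+)"
)

# Assumption: a certificate-only server connection carries RSASIG and none of
# the PSK, XAUTH or AGGRESSIVE flags.
ASSUMED_SERVER_POLICY = {"RSASIG"}


def rejected_proposals(log_text):
    """Return (peer, set_of_policy_flags) for each rejected first packet."""
    hits = []
    for line in log_text.splitlines():
        m = REJECTED.search(line)
        if m:
            hits.append((m.group("peer"), set(m.group("policy").split("+"))))
    return hits


def missing_on_server(requested, configured=ASSUMED_SERVER_POLICY):
    """Flags the client asked for that the configured connection lacks."""
    return sorted(requested - configured)


if __name__ == "__main__":
    for peer, policy in rejected_proposals(SAMPLE_LOG):
        print(f"{peer} proposed {'+'.join(sorted(policy))}; "
              f"server connection lacks: {', '.join(missing_on_server(policy))}")
```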